Keamanan siber, sejak 2007.
Keamanan siber, sejak 2007.
Kali ini saya akan coba tehnik lain dari stack overflow, yaitu stack overflow berbasis SEH. Apa itu SEH? silakan dibaca diliteratur-literatur berikut: Structured Exception Handling Win32 Exception handling for assembler programmers Tidak ada yang lebih menyenangkan daripada belajar sambil mencoba.…
Software Description Mel0n Player is a famous software in Indonesia to play music that are provided by the Melon portal (). This software can play any music file types such as mp3, wav, wma, mp4, and others. This player can…
Saya nulis ini supaya ga lupa. Sebenarnya bisa dicari lagi sih alamat ini, cuma lebih enak klo udah ada disini tanpa nyari lagi khan?!. Sejumlah alamat yang dipake untuk tehnik ROP, sbb: VirtualAlloc() Secara sederhana, fungsi VirtualAlloc() akan mengalokasikan memory…
Here are some documents to help you understand some file formats/headers, for file format fuzzing purpose: WAVE PCM soundfile format (RIFF) ZIP File format specification MPEG File format GZip File format SWF File format TIFF…
QuickShare File Server is prone to a FTP directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to modify files outside the destination directory and possibly gain access to the system. Software…
A vulnerability has been discovered in FTPGetter, which can be exploited by malicious people to compromise a user’s system. The issue is likely due to insufficient bounds checking and presents itself when the affected FTP client makes a connection to…
SolarFTP Server 2.0 is prone to a denial of service condition. It fails to properly sanitize user-supplied input resulting in a denial of service. With a specially crafted ‘USER’, ‘APPE’, ‘GET’, ‘PUT’, and ‘NLST’ command, a remote attacker can potentially…
Finally, my first win32 shellcode.. This will execute notepad.exe when loaded. Run on Windows XP SP3 English.
I have created a script that contains of local privilege escalation exploits that was published by Tavis Ormandy via Exploit-DB.com between October – November 2010. Take a look at here 201011-0day-linux-exploit *Update 1: I rename the file and make the…
Written in Python, i try to make a simple fuzzer for FTP server. This script will try to fuzz the commands like APPE, USER, LIST, CWD, etc..you can find all commands here 😉 This script is simply a modified version…